As originally reported by ZDNet, security firm Lookout has discovered a new spyware strain called “Goontact”. This malware can steal victim data such as phone identifiers, SMS messages, photos, and location information. The spyware has most recently been distributed from third-party sites promoting free instant messaging apps for reaching escort services. While Goontact has yet to reach the official app stores from Google and Apple, Lookout has notified both, with each company implementing its own mitigation.
Goontact is distributed via third-party app stores. While Apple already goes to great lengths to ensure its users can only install apps from the App Store, Google still allows Android users to install apps from any source by changing a simple setting on their device. Binary Defense recommends only installing applications from official sources such as the App Store for iPhone and Google Play for Android devices. Additionally, Binary Defense recommends deploying some form of Mobile Device Management (MDM) solution to manage enterprise-owned devices. Some MDM solutions even allow organizations to curate a selection of approved apps to download through the MDM while blocking other installation methods.